Petrobras
Company Details
Linkedin ID:
petrobras
Website:
Employees number:
54,919
Number of followers:
3,679,743
NAICS:
211
Industry Type:
Homepage:
petrobras.com.br
IP Addresses:
0
Company ID:
PET_1634199
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Petrobras Vendor Cyber Rating & Cyber Score
petrobras.com.brNosso propósito é prover energia que assegure prosperidade de forma ética, justa, segura e competitiva. Queremos ser a melhor empresa diversificada e integrada de energia na geração de valor, construindo um mundo mais sustentável, conciliando o foco em óleo e gás com a diversificação em negócios de baixo carbono (inclusive produtos petroquímicos e fertilizantes), sustentabilidade, segurança, respeito ao meio ambiente e atenção total às pessoas. Saiba mais em petrobras.com.br
Petrobras A.I CyberSecurity Scoring
Petrobras Risk Score (AI oriented)Between 750 and 799
Petrobras
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Petrobras Global Score (TPRM)XXXX
Petrobras
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Petrobras Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Petrobras
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: The Everest ransomware group claimed a data breach targeting Petrobras, Brazil’s state-owned oil giant, alleging the theft of over 176 GB of seismic navigation data, with 90+ GB belonging directly to Petrobras. The compromised files include highly sensitive technical details ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, and processed reports outlining survey progress and operational conclusions.Seismic surveys are critical for oil/gas exploration, requiring massive investments. Competitors gaining access to this data could replicate Petrobras’ methods, reduce their own costs, or leverage it in contract negotiations, undermining the company’s competitive edge. The group also targeted Campos Basin seismic surveys (3D/4D datasets), totaling another 90+ GB with similar sensitive information, including ship coordinates, source depths, and shot pressures.Everest demanded Petrobras contact them via Tox encrypted messaging within four days, threatening further action if ignored. The breach poses strategic risks to Petrobras’ industrial competitiveness and operational security, with potential long-term financial and reputational damage. The company has not yet publicly responded to the claims.
Petrobras Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Petrobras
Incidents vs Oil and Gas Industry Average (This Year)
No incidents recorded for Petrobras in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Petrobras in 2026.
Incident Types Petrobras vs Oil and Gas Industry Avg (This Year)
No incidents recorded for Petrobras in 2026.
Incident History — Petrobras (X = Date, Y = Severity)
Petrobras cyber incidents detection timeline including parent company and subsidiaries
Petrobras Company Subsidiaries
Nosso propósito é prover energia que assegure prosperidade de forma ética, justa, segura e competitiva. Queremos ser a melhor empresa diversificada e integrada de energia na geração de valor, construindo um mundo mais sustentável, conciliando o foco em óleo e gás com a diversificação em negócios de baixo carbono (inclusive produtos petroquímicos e fertilizantes), sustentabilidade, segurança, respeito ao meio ambiente e atenção total às pessoas. Saiba mais em petrobras.com.br
Loading...
Petrobras Similar Companies
Amec Foster Wheeler
Wood Group has combined with Amec Foster Wheeler to form a new global leader in the delivery of project, engineering and technical services to energy and industrial markets. To find out more about Wood visit our new website at www.woodplc.com For all the latest updates and job news follow Wood on L
Shell is a global group of energy and petrochemical companies, employing 96,000 people across 70+ countries. We serve around 1 million commercial and industrial customers, and around 33 million customers daily at our Shell-branded retail service stations. Our purpose is to power progress together b
TechnipFMC
TechnipFMC is a leading technology provider to the traditional and new energies industry, delivering fully integrated projects, products, and services. With our proprietary technologies and comprehensive solutions, we are transforming our clients’ project economics, helping them unlock new possibi
At Enbridge, our goal is to be the first-choice energy delivery company in North America and beyond—for customers, communities, investors, regulators and policymakers, and employees. We also recognize the importance of a secure, reliable and affordable supply of energy, which we deliver every day th
Valero
Valero is an international manufacturer and marketer of transportation fuels and petrochemical products. We are a Fortune 500 company based in San Antonio, Texas, fueled by nearly 10,000 employees and 15 petroleum refineries with a combined throughput capacity of approximately 3.2 million barrels pe
Weatherford International plc (Nasdaq: WFRD) is a leading global energy services company. Operating in approximately 75 countries, the Company answers the challenges of the energy industry with its global talent network of approximately 17,000 team members and approximately 350 operating locations,
ExxonMobil
The need for energy is universal. That's why ExxonMobil scientists and engineers are pioneering new research and pursuing new technologies to reduce emissions while creating more efficient fuels. We're committed to responsibly meeting the world's energy needs. We aim to achieve #netzero emissions
Ecopetrol
Ecopetrol (NYSE: EC) es la compañía más grande en Colombia y uno de los principales grupos de energía de Latinoamérica. Cuenta con más de 18.000 empleados y es responsable del 60% de la producción de hidrocarburos en Colombia. Es propietaria de las dos refinerías del Colombia y de la gran parte de l
Suncor
In 1967, we pioneered commercial development of Canada's oil sands – one of the largest petroleum resource basins in the world. Since then, Suncor has grown to become a globally competitive integrated energy company with a balanced portfolio of high-quality assets, a strong balance sheet and signifi
.png)
Petrobras CyberSecurity News
March 21, 2026 04:14 AM
Petrobras breaks pre-salt oil processing records at its refineries
Free translation and writing by: Franyi Sarmiento, Ph.D., Inspenet, May 18, 2022. The oils have a high yield from derivatives with high added value and have...
March 01, 2026 08:00 AM
US earnings week ahead: The state of the consumer and the next wave of AI networking
All eyes are on Iran at the moment but let's change gears for a moment and have a look at the US earnings calendar.The last few weeks have...
January 31, 2026 08:00 AM
Petrobras raises proven reserves to 12.1 billion boe
Petrobras raises its proven reserves to 12.1 billion boe in 2025. Its 175% replacement rate ensures energy stability.
November 26, 2025 08:00 AM
The Week in Breach News: November26, 2025
A wave of major global ransomware attacks targets IGT, an LG subsidiary, and Petrobras.
November 20, 2025 08:00 AM
Everest Ransomware Says It Breached Brazilian Energy Giant Petrobras
Everest ransomware claims to have stolen over 180GB of seismic survey data from Petrobras, demanding contact through qTox with a countdown...
August 12, 2025 07:00 AM
DOF Group and Petrobras establish million-dollar contracts
DOF Group and Petrobras sign charter contracts for more than USD 275 million in Brazil, with the Skandi Carla and Geoholm vessels.
July 01, 2025 07:00 AM
DOF secures two new offshore contracts with Petrobras in Brazilian waters
DOF Group was selected by Petrobras to strengthen its maritime operations in Brazil through two long-term offshore contracts.
December 23, 2024 08:00 AM
How to Get a Cybersecurity Analyst Role in Brazil?
To land a cybersecurity analyst role in Brazil, focus on essential skills like network security, ethical hacking, and soft skills such as communication.
December 23, 2024 08:00 AM
Top Cybersecurity Employers in Brazil: Who's Hiring and What They Look For
Discover the top cybersecurity employers in Brazil, what they're looking for, and how to get hired. Start your career in Brazil's booming...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Petrobras CyberSecurity History Information
Official Website of Petrobras
The official website of Petrobras is http://www.petrobras.com.br.
Petrobras’s AI-Generated Cybersecurity Score
According to Rankiteo, Petrobras’s AI-generated cybersecurity score is 773, reflecting their Fair security posture.
How many security badges does Petrobras’ have ?
According to Rankiteo, Petrobras currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Petrobras been affected by any supply chain cyber incidents ?
According to Rankiteo, Petrobras has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Petrobras have SOC 2 Type 1 certification ?
According to Rankiteo, Petrobras is not certified under SOC 2 Type 1.
Does Petrobras have SOC 2 Type 2 certification ?
According to Rankiteo, Petrobras does not hold a SOC 2 Type 2 certification.
Does Petrobras comply with GDPR ?
According to Rankiteo, Petrobras is not listed as GDPR compliant.
Does Petrobras have PCI DSS certification ?
According to Rankiteo, Petrobras does not currently maintain PCI DSS compliance.
Does Petrobras comply with HIPAA ?
According to Rankiteo, Petrobras is not compliant with HIPAA regulations.
Does Petrobras have ISO 27001 certification ?
According to Rankiteo,Petrobras is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Petrobras
Petrobras operates primarily in the Oil and Gas industry.
Number of Employees at Petrobras
Petrobras employs approximately 54,919 people worldwide.
Subsidiaries Owned by Petrobras
Petrobras presently has no subsidiaries across any sectors.
Petrobras’s LinkedIn Followers
Petrobras’s official LinkedIn profile has approximately 3,679,743 followers.
NAICS Classification of Petrobras
Petrobras is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
Petrobras’s Presence on Crunchbase
Yes, Petrobras has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/petrobras.
Petrobras’s Presence on LinkedIn
Yes, Petrobras maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/petrobras.
Cybersecurity Incidents Involving Petrobras
As of April 04, 2026, Rankiteo reports that Petrobras has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Petrobras has an estimated 10,824 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Petrobras ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Petrobras detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with no public comment as of disclosure, communication strategy with media outreach by hackread.com for statement..
Incident Details
Can you provide details on each incident ?
Title: Everest Ransomware Group Targets Petrobras in Alleged Data Breach Involving Seismic Survey Data
Description: The Everest ransomware group listed two separate entries on its dark web leak site, both targeting Petrobras, a Brazilian state-owned petroleum corporation. The group claims to have stolen over 176 GB of seismic navigation data, including highly sensitive technical information related to Petrobras and its partner firm, SAExploration. The data includes ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, and processed reports. The group has demanded Petrobras contact them via Tox within four days or face further action. The breach could enable competitors to replicate Petrobras’ methods, lower their own costs, or gain leverage in contract negotiations.
Date Publicly Disclosed: 2025-11-14
Type: data breach
Threat Actor: Everest Ransomware Group
Motivation: financial gaindata exfiltration for competitive advantage
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : data breach PET1592215112025
Data Compromised: Seismic navigation data (176 gb total), Ship positioning, Equipment configurations, Hydrophone readings, Depth measurements, Quality control documents, Metadata, Processed reports, 3d/4d seismic survey data (90 gb), Ship coordinates, Source depths, Shot pressures, Equipment alignment, Field survey documentation
Operational Impact: potential replication of Petrobras’ seismic survey methods by competitorslowered costs for competitorsleverage in contract negotiationsstrategic disadvantage in energy sector operations
Brand Reputation Impact: potential damage due to exposure of sensitive industrial datalack of public response may exacerbate reputational harm
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Seismic Navigation Data, Technical Operational Data, 3D/4D Survey Datasets, Quality Control Documents, Metadata, Processed Field Reports and .
Which entities were affected by each incident ?
Incident : data breach PET1592215112025
Entity Name: Petrobras
Entity Type: majority state-owned multinational corporation
Industry: petroleum (oil and gas)
Location: Rio de Janeiro, Brazil
Size: large (multinational)
Incident : data breach PET1592215112025
Entity Name: SAExploration
Entity Type: partner firm
Industry: oil and gas (seismic data services)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : data breach PET1592215112025
Communication Strategy: no public comment as of disclosuremedia outreach by Hackread.com for statement
Data Breach Information
What type of data was compromised in each breach ?
Incident : data breach PET1592215112025
Type of Data Compromised: Seismic navigation data, Technical operational data, 3d/4d survey datasets, Quality control documents, Metadata, Processed field reports
Sensitivity of Data: high (industrial trade secrets, proprietary survey methods, competitive intelligence)
Data Exfiltration: 176 GB total (90 GB directly attributed to Petrobras; additional 90 GB from Campos Basin surveys)
File Types Exposed: databasesdocumentsprocessed reportssurvey progress logsinitial field conclusions
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : data breach PET1592215112025
Ransom Demanded: ['unspecified amount', 'contact via Tox within 4 days']
Ransomware Strain: Everest Ransomware
Data Exfiltration: 176 GB (seismic and survey data)
References
Where can I find more information about each incident ?
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Hackread.comDate Accessed: 2025-11-14.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : data breach PET1592215112025
Investigation Status: ongoing (no public confirmation from Petrobras; media outreach pending)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through No Public Comment As Of Disclosure and Media Outreach By Hackread.Com For Statement.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : data breach PET1592215112025
High Value Targets: Seismic Survey Databases, Proprietary Oil/Gas Exploration Data,
Data Sold on Dark Web: Seismic Survey Databases, Proprietary Oil/Gas Exploration Data,
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was ['unspecified amount', 'contact via Tox within 4 days'].
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Everest Ransomware Group.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-14.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were seismic navigation data (176 GB total), ship positioning, equipment configurations, hydrophone readings, depth measurements, quality control documents, metadata, processed reports, 3D/4D seismic survey data (90 GB), ship coordinates, source depths, shot pressures, equipment alignment, field survey documentation and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were shot pressures, processed reports, quality control documents, ship positioning, 3D/4D seismic survey data (90 GB), source depths, depth measurements, hydrophone readings, field survey documentation, metadata, seismic navigation data (176 GB total), equipment alignment, ship coordinates and equipment configurations.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was ['unspecified amount', 'contact via Tox within 4 days'].
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Hackread.com.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (no public confirmation from Petrobras; media outreach pending).
.png)
Latest Global CVEs (Not Company-Specific)
Description
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=petrobras' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
